Protecting Multiple Sites Under a Single SSL Certificate

Do you operate multiple web sites and domains that need SSL Certificates?

SSL Certificates are essential if you operate a web site that exchanges personal information with visitors. They provide secured, encrypted communication where the visitor’s browser can verify it is connecting to your site and not some criminal that has hacked in to your site.

However, if you operate a lot of sites that require SSL Certificates it can get expensive and difficult to manage. Certificate Authorities charge annual fees for them and each certificate has an expiration date. If you have a large number you want to be sure that you do not leave any expired or revoked certificates in service. Browsers will display warnings for expired and revoked certificates that the site might not be trustworthy. That’s not the kind of messages you want your visitors to see if you value your reputation.

But there is good news!

There are two different types of SSL Certificates that could help you efficiently operate multiple sites, but you need to understand what they cover and their limitations before you decide what to use.

Wild Card SSLs for Subdomains

If you need SSL for multiple subdomains you should consider a Wildcard SSL. You can purchase one wildcard SSL that will cover a site and all its sub sites.

For example, you can apply one wildcard SSL that covers jelly.com, grape.jelley.com, strawberry.jelley.com, etc. The possibilities are literally endless!

The more subdomains that you operate the greater the benefit.

However, before you implement a wildcard SSL you need to understand two significant factors. First, wildcard SSLs are not issued with EV (Enhanced Verification). They are appropriate for many purposes on the public internet and internal intranet sites, but if you need the highest degree of assurance you need an EV Certificate.

An EV Certificate not only assures your visitors that you own the site, it assures them that you are a trustworthy business operation. This is critical for financial transactions, such as on shopping cart sites or other online payments.

Second, you should also consider that if one server or subdomain covered by the wildcard is compromised all of the others for that certificate are at risk.

The bottom line is that wildcard SSLs can be great, but make sure you use them wisely.

UC SSLs for Multiple Domains

If your organization uses an MS Exchange or Office Communications Server (OCS) environment, you can consolidate all of your certificates into a single Unified Communications (UC) SSL Certificate

UC SSL Certificates can be applied to multiple domains and host names. One UCC SSL certificate can be used for a domain and up to 99 alternate names, called Subject Alternate Names (SANs).

For example, you can protect both www.kjudge.com and www.kjudge.net with a single certificate.

A UC SSL Certificate differs from others only in that it includes a SAN field to list domains that the certificate will protect in addition to the primary domain. With Microsoft Exchange, you can easily update the SAN field to add or subtract domains.

Do you want to host multiple web sites on the same server? With a UCC SSL and SANs you can do that without having to use a unique IP Addresses for each site.

The only consideration here is that browsers display certificate information that shows the primary domain and all SANs. This is only a concern if you do not want your users to associate the sites.

Do you use Outlook Web Access?

If your operation uses Outlook Web Access (OWA) it is critical that all of your Exchange domains be protected by an SSL certificate. Otherwise, any sniffer could pick up userid and passwords and compromise your corporate communications.

UC SSL is an efficient way to cover all of your Exchange domains. Any additional costs from using SSL Certificates are nothing compared to the potential damage from a breach of your email system.

Conclusion

There are a lot of options when purchasing an SSL. It is important that you pick the right one that meets your needs and is cost effective.

Disclaimer: Blog contents express the viewpoints of their independent authors and
are not reviewed for correctness or accuracy by
Toolbox for IT. Any opinions, comments, solutions or other commentary
expressed by blog authors are not endorsed or recommended by
Toolbox for IT
or any vendor. If you feel a blog entry is inappropriate,
click here to notify
Toolbox for IT.

This blog covers topical issues related to Internet Security, such as the latest malware threats, high profile breaches,cyber ...
more

This blog covers topical issues related to Internet Security, such as the latest malware threats, high profile breaches,cyber crimes, cyber war fare and the latest security technology.
This blog encourages readers to be proactive in securing their computers and devices, not just for their own sake but to avoid being an unwitting participant in the nefarious activities of hackers and cyber warriors.
less

Receive the latest blog posts:

Share Your Perspective

Share your professional knowledge and experience with peers. Start a blog on Toolbox for IT today!